Saturday, March 28, 2009

Establishing HTTPS connection with tomcat

It is very simple to configure an SSL connection with Tomcat. But before doing this it is essential to get an idea of the basic cryptography concepts behind HTTPS.

(source http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security6.html)

Secure Socket Layer (SSL) technology allows web browsers and web servers to communicate over a secure connection. In this secure connection, the data that is being sent is encrypted before being sent and then is decrypted upon receipt and before processing. Both the browser and the server encrypt all traffic before sending any data. SSL addresses the following important security considerations.

  • Authentication: During your initial attempt to communicate with a web server over a secure connection, that server will present your web browser with a set of credentials in the form of a server certificate. The purpose of the certificate is to verify that the site is who and what it claims to be. In some cases, the server may request a certificate that the client is who and what it claims to be (which is known as client authentication).
  • Confidentiality: When data is being passed between the client and the server on a network, third parties can view and intercept this data. SSL responses are encrypted so that the data cannot be deciphered by the third party and the data remains confidential.
  • Integrity: When data is being passed between the client and the server on a network, third parties can view and intercept this data. SSL helps guarantee that the data will not be modified in transit by that third party.
This tutorial describes how to establish an HTTPS connection with a Tomcat server using the keytool utility that ships with Java.

First, generate the server key with keytool:

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA \
    -keystore "C:\keystore"
When doing this, remember to set both the keystore password and the private key password to "changeit".
Then edit the $CATALINA_HOME/conf/server.xml file as follows.

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
    port="8443" minSpareThreads="5" maxSpareThreads="75"
    enableLookups="true" disableUploadTimeout="true"
    acceptCount="100" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="C:\keystore\key_filename" keystorePass="changeit"
    clientAuth="false" sslProtocol="TLS" />


Do not forget to uncomment the above connector if it is commented out.
Then restart the server and open the URL

https://localhost:8443/
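Once the connector is in place it is worth checking that the three TLS-related attributes (scheme, secure, SSLEnabled) agree with each other and that the keystore is not protected by a guessable password. The script below is an added example, not part of the original post or of Tomcat itself: it parses a server.xml fragment with Python's standard xml.etree module and reports a short finding code per connector. The XML fragments it runs against are constructed here (one mirrors the connector above, one is a hardened variant with a placeholder passphrase, one is a deliberately broken variant), and the finding codes are this script's own names, not Tomcat terminology.

```python
"""Audit the <Connector> elements of a Tomcat server.xml for the TLS settings that
matter: do scheme/secure/SSLEnabled agree, is the keystore password a well-known
default, and is a legacy SSL protocol selected. Constructed example, not Tomcat code."""
import xml.etree.ElementTree as ET

# "changeit" is the JDK's own default password for the cacerts truststore (and
# Tomcat's default when keystorePass is omitted), so it is the first password tried
# against any keystore file copied off a server.
WELL_KNOWN_PASSWORDS = {"changeit", "password", "tomcat", "secret", ""}


def audit_connector(conn):
    """Return a list of finding codes for one <Connector> element (empty = clean)."""
    a = conn.attrib
    findings = []
    https_scheme = a.get("scheme", "http") == "https"
    secure = a.get("secure", "false").lower() == "true"
    ssl_enabled = a.get("SSLEnabled", "false").lower() == "true"

    # Only SSLEnabled actually switches the listener to TLS; scheme and secure just
    # tell the webapp what to report (request.isSecure(), redirect URLs). All three
    # must agree, otherwise the app believes it is on HTTPS while the wire is plain.
    if https_scheme and not ssl_enabled:
        findings.append("https-scheme-but-plain-listener")
    if ssl_enabled and not (https_scheme and secure):
        findings.append("tls-listener-not-marked-secure")
    if not ssl_enabled:
        return findings  # plain HTTP connector: nothing further to check

    if "keystoreFile" not in a:
        findings.append("keystore-file-missing")  # Tomcat falls back to ~/.keystore
    if a.get("keystorePass", "changeit") in WELL_KNOWN_PASSWORDS:
        findings.append("well-known-keystore-password")
    if a.get("sslProtocol", "TLS").upper().startswith("SSL"):
        findings.append("legacy-ssl-protocol")
    return findings


def audit_server_xml(xml_text):
    """Map each connector's port to its list of finding codes."""
    root = ET.fromstring(xml_text)
    return {c.get("port", "?"): audit_connector(c) for c in root.iter("Connector")}


# Constructed fragment mirroring the post's connector, plus the plain HTTP
# connector a stock server.xml also contains.
POST_STYLE_SERVER_XML = r"""<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
  <Connector port="8443" minSpareThreads="5" maxSpareThreads="75"
             enableLookups="true" disableUploadTimeout="true"
             acceptCount="100" maxThreads="200"
             scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="C:\keystore\key_filename" keystorePass="changeit"
             clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""

# Constructed hardened variant: the password value is a placeholder to replace.
HARDENED_SERVER_XML = r"""<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="C:\keystore\key_filename"
             keystorePass="REPLACE-WITH-A-LONG-RANDOM-PASSPHRASE"
             clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""

# Constructed broken variant: SSLEnabled was forgotten, so port 8443 is plain HTTP
# even though the webapp is told it is secure.
MISCONFIGURED_SERVER_XML = r"""<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true"
             keystoreFile="C:\keystore\key_filename" keystorePass="x" />
</Service></Server>"""


if __name__ == "__main__":
    for name, xml_text in [("post", POST_STYLE_SERVER_XML),
                           ("hardened", HARDENED_SERVER_XML),
                           ("misconfigured", MISCONFIGURED_SERVER_XML)]:
        print(name, audit_server_xml(xml_text))
```

Run it against a real server.xml by reading the file into `audit_server_xml`; an empty list for the 8443 connector means the three flags agree and the keystore password is not one of the well-known defaults.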
